
Virtual Geek

Tales from real IT system administrators world and non-production environment

How to Audit HPE iLO Active Directory Settings with PowerShell and Redfish API

This script automates the audit of Active Directory and LDAP settings across multiple generations of HPE iLO using PowerShell and the Redfish API. Before running the script, create a CSV file with the HPE generation, IP, username and password of each iLO, in the format shown below. The file holds the passwords in clear text, so keep it readable only by the account that runs the audit.

Gen,Model,IP,Username,Password
4,HPE,10.10.101.10,Administrator,MySecretPass
4,HPE,10.10.101.11,Administrator,MySecretPass
5,HPE,10.10.101.12,Administrator,MySecretPass
5,HPE,10.10.101.13,Administrator,MySecretPass

Download this script, HPE ILO_LDAP_Report_PowerShell_Redfish, here; it is also available on github.com.

Once you have all the information in place, this PowerShell .ps1 script handles the difference between the older /rest/v1 (iLO 4) and the modern /redfish/v1 (iLO 5) HPE iLO endpoints, which is a major pain point for admins. The TrustAllCertsPolicy class makes PowerShell accept the iLO SSL certificate even when it is self-signed; it does this by turning off certificate validation for every request made in the session.

Set-Location $PSScriptRoot
$Global:CsvFile = '.\ILOList.csv'
#$Global:Cred = Get-Credential -UserName Administrator -Message 'Enter the password for the iLO devices'

$csvData = Import-Csv $csvFile | Where-Object {$_.Model -eq 'HPE'}

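# Accept any TLS certificate (self-signed iLO certificates included).
# This disables certificate validation for every request in this session.
Add-Type @"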
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
                return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

function Login-HPEILO {
    [cmdletbinding(ConfirmImpact = 'Medium')]
    param (
        [Parameter(Mandatory=$true, HelpMessage = 'Enter the IP address of the iLO Device')]
        [string]$Ilo = '127.0.0.1',
        [Parameter(Mandatory=$true)]
        [string]$Username = 'Administrator',
        [Parameter(Mandatory=$true)]
        [string]$Password = 'xxxxxx'
    )
    # Ilo - Login
    # $username = $cred.UserName
    # $password = $cred.GetNetworkCredential().password
    $uri = "https://$Ilo/redfish/v1"
    $body = @{Username = $Username; Password = $Password} | ConvertTo-Json
    # Create a session; the X-Auth-Token response header authenticates the later requests
    $hpeSession = Invoke-WebRequest -Uri "$uri/SessionService/Sessions" -Method Post -Body $body -ContentType 'application/json'  #-UseBasicParsing for 5.1 version
    $hpeSession
}

foreach ($csv in $csvData) 
{
    # IP address of the iLO from the current CSV row
    $ilo = $csv.IP

    if ($csv.Gen -eq 5)
    {
        $uri = "https://$ilo/redfish/v1/AccountService"
    }
    else
    {
        $uri = "https://$ilo/rest/v1"
    }
    try 
    {
        $hpeSession =  Login-HPEILO -Ilo $ilo -Username $csv.Username -Password $csv.Password -ErrorAction stop
        $authHeaders =  @{'X-Auth-Token' =  $hpeSession.Headers.'X-Auth-Token'}
        $adLoginSuccess = $true
        $hpeInfo = Invoke-WebRequest -Uri $uri -Method Get -Headers $authHeaders -ContentType 'application/json' -ErrorAction Stop #-UseBasicParsing for 5.1 version
        $activeDirectory = $hpeInfo.Content -ireplace ('type', 'NewType') | ConvertFrom-Json -ErrorAction Stop

    }
    catch {
        $adLoginSuccess = $false
        $activeDirectory = $null
    }

    if ($csv.Gen -eq 5)
    {
        #$activeDirectoryStatus = $activeDirectory.ActiveDirectory.ServiceEnabled
        $activeDirectoryStatus = $activeDirectory.ActiveDirectory.RemoteRoleMapping.RemoteGroup -Join ', '
    }
    else 
    {
        $activeDirectoryStatus = $activeDirectory.Oem.Hp.Session.LDAPEnabled
    }
    [PSCustomObject]@{
        Ilo = $ilo
        ADLoginSuccess = $adLoginSuccess
        ActiveDirectory = $activeDirectoryStatus
        Gen = $csv.Gen
    }
}

Here is the report the script pulls and shows on the console. It shows whether the Active Directory user login is successful and, if it is, which AD group is added for authentication.

Multi-Generational HPE iLO Active Directory Reporting via PowerShell
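
The per-generation branch of the script can be separated from the network calls and extended into a small review check. The following is an added example, not part of the original script: the function name `ConvertTo-IloDirectoryAudit`, the findings logic and the sample JSON are assumptions made for illustration, while the property paths are the ones the script reads and `LocalRole` is the standard Redfish role-mapping field.

```powershell
# Added example, not the blog's script. All JSON below is constructed sample data.
function ConvertTo-IloDirectoryAudit {
    param(
        [Parameter(Mandatory)][string]$Ilo,
        [Parameter(Mandatory)][int]$Gen,
        [Parameter(Mandatory)][string]$Content   # raw JSON body returned by the iLO
    )
    $json = $Content | ConvertFrom-Json
    if ($Gen -ge 5) {
        # iLO 5: body of /redfish/v1/AccountService
        $enabled  = [bool]$json.ActiveDirectory.ServiceEnabled
        $mappings = @($json.ActiveDirectory.RemoteRoleMapping | Where-Object { $_ })
    }
    else {
        # iLO 4: body of /rest/v1 (the script reads only the LDAPEnabled flag here)
        $enabled  = [bool]$json.Oem.Hp.Session.LDAPEnabled
        $mappings = @()
    }
    # Items a reviewer would want to look at
    $findings = @()
    if ($Gen -ge 5 -and $enabled -and $mappings.Count -eq 0) {
        $findings += 'directory login enabled but no group mapped'
    }
    foreach ($m in $mappings) {
        if ($m.LocalRole -eq 'Administrator') {
            $findings += "Administrator role granted to $($m.RemoteGroup)"
        }
    }
    [PSCustomObject]@{
        Ilo              = $Ilo
        Gen              = $Gen
        DirectoryEnabled = $enabled
        RemoteGroups     = (@($mappings | ForEach-Object { $_.RemoteGroup }) -join ', ')
        Findings         = ($findings -join '; ')
    }
}

# Constructed sample responses, trimmed to the fields the audit reads
$samples = @(
    @{ Ilo = '10.10.101.12'; Gen = 5; Content = '{"ActiveDirectory":{"ServiceEnabled":true,"RemoteRoleMapping":[{"LocalRole":"Administrator","RemoteGroup":"CN=ilo-admins,DC=example,DC=com"},{"LocalRole":"ReadOnly","RemoteGroup":"CN=ilo-readers,DC=example,DC=com"}]}}' }
    @{ Ilo = '10.10.101.13'; Gen = 5; Content = '{"ActiveDirectory":{"ServiceEnabled":true,"RemoteRoleMapping":[]}}' }
    @{ Ilo = '10.10.101.10'; Gen = 4; Content = '{"Oem":{"Hp":{"Session":{"LDAPEnabled":false}}}}' }
)
foreach ($s in $samples) { ConvertTo-IloDirectoryAudit @s }
```

In the script, the `$hpeInfo.Content` string of each iLO would be passed as `-Content` in place of the constructed samples.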

Useful Articles
Configure SNMP Service on HPE ILO Redfish Rest API using PowerShell
Excel on Web Browser: Simple Guide for Reports & Dashboards - RVTools VMware vCenter report
Advanced VMware Virtual Machine Disk Mapping HTML Reporting with PowerCLI
PowerShell HPE ILO4 Rest API automation examples
Powershell Configure ILO5 using Restful API
Configure Dell iDrac9 Rest API with Powershell
Powershell Dell iDrac redfish Rest API basic authentication
